Privacy Policy

MARVCREST LIMITED, a company incorporated under the laws of the Federal Republic of Nigeria, trading as "MarvCrest" ("MarvCrest", "we", "our", or "us"), is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, how we store it, and your rights regarding your data.

We comply with the Nigeria Data Protection Act (NDPA) 2023 and, where applicable, the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other relevant international data protection laws.

We collect the following categories of personal data:

• Identity information: full name, date of birth, nationality, passport number, and other identification details
• Contact information: email address, phone number, postal address
• Case information: travel intent, visa type, destination country, employment details, educational background, and other details relevant to your advisory case
• Documents: copies of passports, bank statements, certificates, letters, and other supporting documents you upload to our platform
• Payment information: transaction records processed through Paystack (we do not store card numbers directly)
• Usage data: pages visited, features used, device and browser information, collected automatically when you use our website and platform

We use your personal data to:

• Provide and deliver our advisory services
• Assess your eligibility for visas, travel, and related services
• Communicate with you about your case and our services
• Process payments for services rendered
• Comply with legal and regulatory obligations
• Improve our services, website, and user experience
• Send service-related notifications (case updates, deadlines, policy changes)

We will not use your personal data for marketing purposes without your explicit consent.

We obtain your explicit consent before collecting and processing your personal data. Consent is obtained at the point of engagement, before any case work begins. You may withdraw your consent at any time by contacting us, though this may affect our ability to deliver certain services.

Your data is stored securely using industry-standard encryption and access controls. Documents are stored in encrypted cloud storage (Cloudflare R2) with access restricted to authorised personnel only.

We implement technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (TLS), role-based access controls, and regular security reviews.

We may share your data with:

• Third-party service providers: travel booking partners, accommodation providers, and logistics partners, only to the extent necessary to deliver the services you have requested
• Payment processors: Paystack, for secure payment processing
• Legal authorities: where required by law or to protect our legal rights

We do not sell your personal data to third parties. We do not share your data for advertising or marketing purposes without your explicit consent.

We retain your personal data for as long as necessary to provide our services and fulfil our legal obligations. Case-related data is typically retained for a minimum of six years following the completion of services, in line with regulatory requirements.

You may request deletion of your data at any time, subject to our legal retention obligations.

Under applicable data protection laws, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Withdraw consent at any time
• Object to processing of your data for certain purposes
• Request a copy of your data in a portable format
• Lodge a complaint with the Nigeria Data Protection Commission (NDPC) or other relevant authority

To exercise any of these rights, contact us at [email protected].

As a globally operating advisory firm, your data may be processed in countries outside Nigeria. Where we transfer data internationally, we ensure appropriate safeguards are in place in accordance with the NDPA, UK GDPR, and EU GDPR, including standard contractual clauses where required.

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

For privacy-related questions or to exercise your data rights, contact us at [email protected] or through our contact page.